Distribution device, key information sharing system, method of controlling distribution device, and recording medium

ABSTRACT

A server comprises circuitry configured to distribute key information to a first portable terminal. The key information includes information indicating whether locking and unlocking of a vehicle, making the vehicle travel, and using a content providing device that provides digital contents in a vehicle cabin are permitted. The key information further includes restricted function information indicating that locking and unlocking of the vehicle and use of the content providing device are permitted but traveling of the vehicle is not permitted. The key information further includes deliverable information making the key information deliverable to another terminal. The deliverable information is excluded from the key information when the key information is sent from the first portable terminal to a second portable terminal.

INCORPORATION BY REFERENCE

The present application is a continuation of and claims the benefit ofpriority from U.S. application Ser. No. 16/177,804, filed on Nov. 1,2018, which claims the benefit of priority from Japanese PatentApplication No. 2017-237004 filed on Dec. 11, 2017; the entire contentsof each of which are incorporated herein by reference.

BACKGROUND 1. Technical Field

The present disclosure relates to a distribution device that distributeskey information of a vehicle, a key information sharing system thatshares the key information, a method of controlling a distributiondevice, and a non-transitory computer-readable recording medium storinga program causing a computer to execute the method of controlling adistribution device.

2. Description of Related Art

A system that enables use of a vehicle by transmitting key informationfrom a portable terminal carried by a user of the vehicle to the vehicle(hereinafter may be referred to as “key system”) has been developed.Here, the key information is information associated with the vehicle,and is information for making the vehicle available for use.

For example, Japanese Unexamined Patent Application Publication No.2015-169008 (JP 2015-169008 A) discloses a system that enables operationof a vehicle in a case where key authentication is established betweenan electronic key (smart key) and the vehicle when identificationinformation transmitted from the electronic key to the vehicle matchesidentification information of the vehicle and terminal authentication isestablished between the vehicle and the portable terminal on whichpairing is being performed. In this case, the identification informationtransmitted from the electronic key to the vehicle corresponds to thekey information.

Japanese Unexamined Patent Application Publication No. 2012-041709 (JP2012-041709 A) discloses a technique for delivering key information on aspecific vehicle to another user (third party), the key informationbeing information on an electronic key carried by a user. In thetechnique disclosed in JP 2012-041709 A, first, a user terminal carriedby the user receives key information from the electronic key of the userthrough short-range wireless communication. Next, the user terminaltransmits the key information to a third party terminal carried by thethird party. Then, an electronic key of the third party receives the keyinformation received by the third party terminal through the short-rangewireless communication. Accordingly, the electronic key of the thirdparty can be used as a key for the specific vehicle.

SUMMARY

A content providing device capable of providing various digital contents(movie, music, book, game, website, and the like) in a vehicle cabin canbe mounted on the vehicle. In a case where such a content providingdevice is mounted on the vehicle, it is possible to use the vehicle as aspace for using contents that can be provided by the content providingdevice even when the vehicle does not travel. Therefore, in a time slotin a case where an owner of a vehicle on which such a content providingdevice is mounted does not use the host vehicle, utilizing the hostvehicle more effectively can be considered by lending the host vehicleto other person as the content use space.

Here, in a case where a vehicle adopts the key system as describedabove, by providing key information of the vehicle to another person whowants to use the vehicle as the content use space, the other person canuse the vehicle. A problem, however, occurs in this case, that is, theother person that can use the vehicle not only can use the vehicle as acontent use space but also can make the vehicle travel.

The present disclosure provides a distribution device, a key informationsharing system, a method of controlling a distribution device, and anon-transitory readable recording medium storing a program causing acomputer to execute the method of controlling a distribution device thatenables the vehicle on which the content providing device is mounted tobe more suitably utilized as the content use space.

A first aspect of the present disclosure relates to a distributiondevice. The distribution device includes a server device configured todistribute key information to a portable terminal. The key informationis used for a key system that determines whether or not to lock andunlock a vehicle, to make the vehicle travel, and to use a contentproviding device that provides digital contents in a vehicle cabin ofthe vehicle by transmitting the key information from the portableterminal to the vehicle. The server device is configured to distributethe key information to which restricted function information is added,to the portable terminal. The restricted function information isinformation indicating that locking and unlocking of the vehicle and useof the content providing device are permitted but traveling of thevehicle is not permitted.

The distribution device according to the first aspect of the presentdisclosure distributes the key information of the vehicle on which thecontent providing device is mounted to the portable terminal carried bya user of the vehicle. That is, the user can use the vehicle byreceiving the key information from the distribution device by theportable terminal. On the other hand, in the distribution deviceaccording to the first aspect of the present disclosure, the restrictedfunction information is added to the key information distributed to theportable terminal by the server device. Here, the restricted functioninformation is information indicating that locking and unlocking of thevehicle and use of the content providing device are permitted buttraveling of the vehicle is not permitted according to the keyinformation. In other words, in a case where the restricted functioninformation is added to the key information received by the portableterminal from the distribution device, locking and unlocking of thevehicle and use of the content providing device are permitted buttraveling of the vehicle is not permitted by transmitting the keyinformation from the portable terminal to the vehicle. Here, a state inwhich the vehicle can travel is a state in which the vehicle can travelby controlling a drive source (internal combustion engine or motor) ofthe vehicle.

Therefore, by adding the restricted function information to the keyinformation distributed to the portable terminal carried by the user ofthe vehicle, use of the vehicle as the content use space by the user ispossible but traveling of the vehicle by the user is not possible.Therefore, it possible to more suitably utilize the vehicle on which thecontent providing device is mounted as the content use space bydistributing the key information to which such restricted functioninformation is added from the distribution device.

In the distribution device according to the first aspect of the presentdisclosure, the server device may be configured to distribute the keyinformation to which deliverable and receivable information making thekey information deliverable and receivable between a first user terminalthat is a portable terminal carried by a first user of the vehicle and asecond user terminal that is a portable terminal carried by a seconduser of the vehicle without going through the server device is addedtogether with the restricted function information, to the first userterminal.

In this case, for example, the first user may be an owner of the vehicleand the second user may be the other person who borrows the vehicleowned by the first user as the content use space. In the above case, inthe distribution device, the deliverable and receivable informationtogether with the restricted function information is added to the keyinformation distributed to the first user terminal by the server device.Here, the deliverable and receivable information enables the keyinformation to be transmitted from the first user terminal to the seconduser terminal without going through the server device. In other words,in a case where the deliverable and receivable information is not addedto the received key information, the first user terminal cannot transmitthe key information to the second user terminal.

The first user can deliver the key information in a state in which therestricted function information is added, to the second user terminal ofthe second user, by receiving the key information to which thedeliverable and receivable information together with the restrictedfunction information is added using the first user terminal. Then, thesecond user receives the key information in a state in which therestricted function information is added, which is transmitted from thefirst user terminal, using the second user terminal, and can use thevehicle solely as the content use space.

According to the first aspect of the present disclosure, since the keyinformation in a state in which the restricted function information isadded can be transmitted from the first user terminal to the second userterminal without going through the server device, it is possible to moresmoothly deliver the key information in a case of lending the vehicle asthe content use space. On the other hand, since the key informationdelivered to the second user terminal is also distributed from thedistribution device, the key information delivered from the first userterminal to the second user terminal can be recorded or managed on adistribution device side. Therefore, it is possible to deliver the keyinformation to the second user terminal while security is ensured.

A second aspect of the present disclosure relates to a key informationsharing system. The key information sharing system includes a first userterminal that is a portable terminal carried by a first user of avehicle, a second user terminal that is a portable terminal carried by asecond user of the vehicle, and a server device configured to distributekey information to the first user terminal. The key information is usedfor a key system that determines whether or not to lock and unlock thevehicle, to make the vehicle travel, and to use a content providingdevice that provides digital contents in a vehicle cabin of the vehicleby transmitting the key information from the first user terminal or thesecond user terminal to the vehicle. The server device is configured todistribute the key information to which restricted function informationis added, to the first user terminal. The restricted functioninformation is information indicating that locking and unlocking of thevehicle and use of the content providing device are permitted buttraveling of the vehicle is not permitted. The server device isconfigured to distribute the key information to which deliverable andreceivable information making the key information deliverable andreceivable between the first user terminal and the second user terminalwithout going through the server device is added together with therestricted function information, to the first user terminal. The firstuser terminal is configured to transmit the key information in a statein which the restricted function information is added, to the seconduser terminal according to an input manipulation of the first user in acase where the deliverable and receivable information together with therestricted function information is added to the key information receivedfrom the server device.

With the key information sharing system according to the second aspectof the present disclosure, the first user receives the key informationto which the deliverable and receivable information together with therestricted function information is added from the server device usingthe first user terminal. Then, according to the input manipulation tothe first user terminal by the first user, the key information in astate in which the restricted function information is added is deliveredto the second user terminal. Accordingly, the second user can use thevehicle solely as the content use space.

In the key information sharing system according to the second aspect ofthe present disclosure, the first user terminal may include aninter-terminal communicator configured to transmit the key informationin a state in which the restricted function information is added, to thesecond user terminal according to the input manipulation of the firstuser in a case where the deliverable and receivable information togetherwith the restricted function information is added to the key informationreceived from the server device.

A third aspect of the present disclosure relates to a method ofcontrolling a distribution device. The distribution device includes aserver device configured to distribute key information to a portableterminal, and the key information is used for a key system thatdetermines whether or not to lock and unlock a vehicle, to make thevehicle travel, and to use a content providing device that providesdigital contents in a vehicle cabin of the vehicle by transmitting thekey information from the portable terminal to the vehicle. The methodincludes generating the key information to which restricted functioninformation is added using the server device, the restricted functioninformation being information indicating that locking and unlocking ofthe vehicle and use of the content providing device are permitted buttraveling of the vehicle is not permitted, and distributing the keyinformation to which the restricted function information is added, tothe portable terminal using the server device.

A fourth aspect of the present disclosure relates to a non-transitoryreadable recording medium storing a program causing a computer toexecute a method of controlling a distribution device. The distributiondevice includes a server device configured to distribute key informationto a portable terminal. The key information is used for a key systemthat determines whether or not to lock and unlock a vehicle, to make thevehicle travel, and to use a content providing device that providesdigital contents in a vehicle cabin of the vehicle by transmitting thekey information from the portable terminal to the vehicle. The programcauses a control process of the distribution device to be executed. Thecontrol process includes generating the key information to whichrestricted function information is added using the server device, therestricted function information being information indicating thatlocking and unlocking of the vehicle and use of the content providingdevice are permitted but traveling of the vehicle is not permitted, anddistributing the key information to which the restricted functioninformation is added, to the portable terminal using the server device.

According to the aspects of the present disclosure, it is possible tomore suitably utilize a vehicle on which a content providing device ismounted as the content use space.

BRIEF DESCRIPTION OF THE DRAWINGS

Features, advantages, and technical and industrial significance ofexemplary embodiments of the present disclosure will be described belowwith reference to the accompanying drawings, in which like numeralsdenote like elements, and wherein:

FIG. 1 is a diagram illustrating an outline of a key system according toan embodiment;

FIG. 2 is a block diagram schematically illustrating an example of aconfiguration of a portable terminal, a server device, and a vehiclecontrol device mounted on a vehicle illustrated in FIG. 1 ;

FIG. 3 is a diagram illustrating processing and data flow in a casewhere a door of the vehicle is unlocked;

FIG. 4 is a diagram for describing a method of delivering and receivingauthentication information in an authentication information sharingsystem according to the embodiment;

FIG. 5 is a diagram illustrating processing and data flow in a casewhere the authentication information is provided from a first user to asecond user;

FIG. 6 is a diagram illustrating processing and data flow in a casewhere the second user unlocks the door of the vehicle; and

FIG. 7 is a diagram for describing a method of delivering and receivingauthentication information in an authentication information sharingsystem according to a third modification example of the embodiment.

DETAILED DESCRIPTION OF EMBODIMENTS

Hereinafter, specific embodiments of the present disclosure will bedescribed with reference to the drawings. Dimensions, materials, shapes,relative dispositions, and the like of components described in theembodiment are not intended to limit the technical scope of the presentdisclosure solely to those unless otherwise specified.

Embodiment

Outline of Key System

FIG. 1 is a diagram illustrating an outline of a key system according toan embodiment. The key system according to the embodiment is configuredto include a vehicle control device 11 mounted on a vehicle 10, aportable terminal 200, and a server device 400. The portable terminal200 is a terminal carried by a person (user) who uses the vehicle 10.The server device 400 is a distribution device that distributesauthentication information associated with the vehicle 10.

In the key system according to the embodiment, the portable terminal 200and the server device 400 are connected to each other via a network suchas the Internet which is a public communication network. Then, theportable terminal 200 transmits a distribution request of theauthentication information associated with the vehicle 10 to the serverdevice 400. When the server device 400 receives the distribution requestfrom the portable terminal 200, the server device 400 distributes theauthentication information to the portable terminal 200. The portableterminal 200 transmits the authentication information received from theserver device 400 to the vehicle control device 11 mounted on thevehicle 10 through short-range wireless communication. The vehiclecontrol device 11 authenticates the authentication information receivedfrom the portable terminal 200. In a case where the authenticationinformation is successfully authenticated, the vehicle control device 11can control the vehicle 10. In the embodiment, the authenticationinformation is an example of “key information” and the server device 400is an example of “distribution device”.

System Configuration of Key System

Each component in the key system according to the embodiment will bedescribed with reference to FIG. 2 . FIG. 2 is a block diagramschematically illustrating an example of the configuration of theportable terminal 200, the server device 400, and the vehicle controldevice 11 mounted on the vehicle 10 illustrated in FIG. 1 . The vehiclecontrol device 11 includes a key unit 100 that communicates with theportable terminal 200 and a control device 300 that executes variouscontrols on the vehicle 10.

Specifically, the control device 300 executes a locking and unlockingcontrol for locking and unlocking a door of the vehicle 10 bycontrolling a door lock actuator 12 of the vehicle 10. The controldevice 300 executes an engine control such as a start control forstarting an engine 13 which is a drive source of the vehicle 10. Thecontrol device 300 controls a content providing device 14 mounted on thevehicle 10. Here, the content providing device 14 is a device thatprovides various digital contents (movie, music, book, game, website,and the like) in a vehicle cabin of the vehicle 10. The contentproviding device 14 can acquire the content to be provided to the userin the vehicle cabin from the outside via a network such as theInternet. The content providing device 14 may store storage means forstoring the content in advance. Then, the content providing device 14provides desired content to the user according to the manipulation bythe user in the vehicle cabin. The control device 300 transmits andreceives radio waves in a radio frequency (hereinafter referred to asRF) band and a low frequency (hereinafter referred to as LF) band to andfrom the key unit 100 in the vehicle 10, so that the control device 300executes the above-described control.

The control device 300 is configured to include an LF transmitter 301,an RF receiver 302, a collation electronic control unit (ECU) 303, abody ECU 304, an engine ECU 305, and a content ECU 306. The LFtransmitter 301 is a device that transmits radio waves in an LF band(for example, 100 KHz to 300 KHz) for checking (polling) the key unit100. The RF receiver 302 is a device that receives radio waves in an RFband (for example, 100 MHz to 1 GHz) transmitted from the key unit 100.

The collation ECU 303 is a computer that controls the body ECU 304, theengine ECU 305, and the content ECU 306 based on a command signaltransmitted from the key unit 100 via radio waves in the RF band. Thecollation ECU 303 is constituted by, for example, a microcomputer. Thecollation ECU 303 authenticates that the command signal transmitted fromthe key unit 100 is transmitted from an authorized device. Specifically,the collation ECU 303 determines whether or not a key ID included in thecommand signal matches a key ID stored in advance in a storage unit ofthe collation ECU 303.

In a case where the collation ECU 303 successfully authenticates the keyID, the collation ECU 303 transmits a command according to the commandsignal to the body ECU 304, the engine ECU 305, and the content ECU 306via an in-vehicle network such as a controller area network (CAN).Specifically, in a case where the command signal received from the keyunit 100 is a locking signal, the collation ECU 303 transmits a lockingcommand for locking the door of the vehicle 10 to the body ECU 304. In acase where the command signal received from the key unit 100 is anunlocking signal, the collation ECU 303 transmits an unlocking commandfor unlocking the door of the vehicle 10 to the body ECU 304. In a casewhere the command signal received from the key unit 100 is an enginestart permission signal, the collation ECU 303 transmits an engine startpermission command for making a state of the engine 13 of the vehicle 10enter into an engine startable state, to the engine ECU 305. In a casewhere the command signal received from the key unit 100 is a content usepermission signal, the collation ECU 303 transmits a content usepermission command for making the content providing device 14 mounted onthe vehicle 10 available to the content ECU 306.

The body ECU 304 is a computer that controls a body of the vehicle 10.The body ECU 304 is electrically connected to the door lock actuator 12that locks and unlocks the door of the vehicle 10. The body ECU 304 hasa function of unlocking and locking the door of the vehicle 10 bycontrolling the door lock actuator 12 based on the unlocking command orthe locking command received from the collation ECU 303.

The engine ECU 305 is a computer that controls the engine 13 of thevehicle 10. The engine ECU 305 is electrically connected to variousdevices that control the engine 13, such as a fuel injection valve, aspark plug, a throttle valve, and a starter (all not shown). In a casewhere the engine ECU 305 receives the engine start permission commandfrom the collation ECU 303, the engine ECU 305 enters into the enginestartable state capable of starting the engine 13 that has been stopped.The engine startable state is a state in which the start control of theengine 13 by the engine ECU 305 can be performed in a case where anignition switch (or push start switch) is turned on in the vehicle 10.

The content ECU 306 is a computer that controls the content providingdevice 14. The content ECU 306 is electrically connected to the contentproviding device 14. In a case where the content ECU 306 receives acontent use permission command from the collation ECU 303, the contentECU 306 enters into a content usable state capable of controlling thecontent providing device 14. In a case where the content ECU 306 entersinto the content usable state, the user can manipulate the contentproviding device 14 in the vehicle cabin.

The key unit 100 will be described. The key unit 100 is a devicedisposed at a predetermined position (for example, in a glovecompartment) in the vehicle cabin of the vehicle 10. The key unit 100has a function of authenticating the portable terminal 200 by performingshort-range wireless communication with the portable terminal 200 and afunction of transmitting a command signal to the control device 300 byusing radio waves in the RF band based on the authentication result. Thekey unit 100 is configured to include an LF receiver 101, an RFtransmitter 102, a short-range communication unit 103, and a controller104.

The LF receiver 101 is a device that receives a polling signaltransmitted from the control device 300 via radio waves in the LF band.The RF transmitter 102 is a device that transmits a command signal tothe control device 300 via radio waves in the RF band. The short-rangecommunication unit 103 is a device that communicates with the portableterminal 200 outside the vehicle 10. The short-range communication unit103 performs communication at a short range (to the extent thatcommunication between the inside of the vehicle cabin and the outside ofthe vehicle cabin can be performed) using a predetermined wirelesscommunication standard. Examples of communication standards that can beused for communication by the short-range communication unit 103 caninclude Bluetooth (registered trademark) Low Energy standard, near fieldcommunication (NFC), ultra wide band (UWB), and Wi-Fi (registeredtrademark).

The controller 104 is a computer that performs processing of short-rangewireless communication with the portable terminal 200, processing ofauthenticating the portable terminal 200, processing of transmitting acommand signal to the control device 300, and the like. The controller104 is constituted by, for example, a microcomputer.

The controller 104 has a function of controlling the LF receiver 101,the RF transmitter 102, and the short-range communication unit 103. Thecontroller 104 authenticates the authentication information included ina control request transmitted from the portable terminal 200 throughshort-range wireless communication. Specifically, the controller 104determines whether the authentication information transmitted from theportable terminal 200 matches the authentication information stored inadvance in the storage unit of the controller 104. In a case where theauthentication is successful, the controller 104 transmits a commandsignal according to the control request received from the portableterminal 200 to the control device 300 via the RF transmitter 102.Specifically, in a case where the control request received from theportable terminal 200 is a locking request, the controller 104 transmitsthe locking signal to the control device 300. In a case where thecontrol request received from the portable terminal 200 is an unlockingrequest, the controller 104 transmits the unlocking signal, the enginestart permission signal, and the content use permission signal to thecontrol device 300.

At this time, the key unit 100 transmits a key ID together with thecommand signal to the control device 300. The key ID may be stored inadvance in the key unit 100 in a plain text state or may be stored in astate encrypted with a cryptogram unique to the portable terminal 200.In a case where the key ID is stored in the encrypted state, theencrypted key ID may be decrypted by the authentication informationtransmitted from the portable terminal 200 to obtain the original keyID.

The portable terminal 200 will be described. The portable terminal 200is a compact computer such as a smartphone, a mobile phone, a tabletterminal, a personal information terminal, or a wearable computer (suchas a smart watch). The portable terminal 200 is configured to include ashort-range communication unit 201, a communication unit 202, aninter-terminal communicator 205, a controller 203, and an input andoutput unit 204.

The short-range communication unit 201 is a device that communicateswith the key unit 100 of the vehicle control device 11 according to thesame communication standard as that of the short-range communicationunit 103. The communication unit 202 is a device that connects theportable terminal 200 to a network in order to communicate with theserver device 400. The communication unit 202 can communicate with theserver device 400 via the network using, for example, a mobilecommunication service such as 3G or LTE. The inter-terminal communicator205 is means for communicating with another portable terminal. Theinter-terminal communicator 205 may be a device that performsshort-range wireless communication with another portable terminal withthe same communication standard as that of the short-range communicationunit 201. Similar to the communication unit 202, the inter-terminalcommunicator 205 may be a device that communicates with another portableterminal via the network.

The controller 203 is a computer that controls the portable terminal200. The controller 203 is constituted by, for example, a microcomputer.The controller 203 controls the short-range communication unit 201, thecommunication unit 202, and the inter-terminal communicator 205according to an input manipulation performed on the input and outputunit 204 by the user. For example, the controller 203 performsprocessing of requesting distribution of the authentication informationcorresponding to the vehicle 10 to the server device 400 via thecommunication unit 202 and receiving the distributed authenticationinformation. The authentication information received from the serverdevice 400 is stored in the storage unit of the controller 203. Thecontroller 203 generates a control request according to the inputmanipulation by the user and performs processing of transmitting thecontrol request together with the authentication information stored inthe storage unit to the key unit 100 via the short-range communicationunit 201. The controller 203 transmits the authentication informationreceived from the server device 400 to another portable terminal via theinter-terminal communicator 205. The details of delivering and receivingof the authentication information between the portable terminals via theinter-terminal communicator 205 will be described later.

The input and output unit 204 also functions as means for receiving theinput manipulation performed by the user and presenting information tothe user. Specifically, the input and output unit 204 configured toinclude a touch panel display and control means of the touch paneldisplay. The input and output unit 204 may include a hardware switch orthe like manipulated by the user.

Operation of Key System

Here, the operation of the key system in a case where the user controlsthe vehicle 10 using the portable terminal 200 will be described bytaking a case of unlocking the door of the vehicle 10 as an example.FIG. 3 is a diagram illustrating processing and data flow in a casewhere the door of the vehicle 10 is unlocked.

In a case where the user performs a manipulation of unlocking the doorof the vehicle 10 to the portable terminal 200, the portable terminal200 transmits authentication information together with the unlockingrequest to the key unit 100 of the vehicle control device 11 (S101).Then, the key unit 100 performs authentication processing based on theauthentication information received from the portable terminal 200(S102). In a case where the authentication information is successfullyauthenticated, the key unit 100 transmits the key ID together with theunlocking signal, the engine start permission signal, and the contentuse permission signal to the control device 300 (S103). Then, thecontrol device 300 performs authentication processing based on the keyID received from the key unit 100 (S104). In a case where the key ID issuccessfully authenticated, the control device 300 performs an unlockingcontrol for unlocking the door of the vehicle 10, an engine startpermission control for making the engine ECU 305 enter into the enginestartable state, and a content use permission control for making thecontent ECU 306 enter into the content usable state (S105).

Sharing of Authentication Information

With the key system described above, in a case where the authenticationinformation is received by the portable terminal carried by the user ofthe vehicle 10, the portable terminal can be used as the key of thevehicle 10. Here, in a case where an owner of the vehicle 10(hereinafter also referred to as “first user”) lends the vehicle 10 toanother person (hereinafter also referred to as “second user) as thecontent use space by using such a key system, the first user needs toprovide the authentication information to the second user. Hereinafter,according to the embodiment, an authentication information sharingsystem that provides the authentication information from the first userto the second user will be described.

FIG. 4 is a diagram for describing a method of delivering and receivingthe authentication information in the authentication information sharingsystem according to the embodiment. FIG. 5 is a diagram illustratingprocessing and data flow in a case where the authentication informationis provided from the first user to the second user. Hereinafter, theportable terminal carried by the first user will be referred to as afirst user terminal 200 a and the portable terminal carried by thesecond user will be referred to as a second user terminal 200 b. Thefirst user terminal 200 a and the second user terminal 200 b have thesame configuration as that of the portable terminal 200 illustrated inFIG. 2 . Therefore, not only the first user terminal 200 a but also thesecond user terminal 200 b can perform short-range wirelesscommunication with the vehicle control device 11 of the vehicle 10. Forthis reason, in a case where the second user terminal 200 b acquires theauthentication information corresponding to the vehicle 10, the seconduser can use the second user terminal 200 b as a key of the vehicle 10.Therefore, in the embodiment, the first user terminal 200 a acquires theauthentication information for lending from the server device 400 andthe authentication information is delivered from the first user terminal200 a to the second user terminal 200 b.

Here, the configuration of the server device 400 will be described withreference to FIG. 4 . The server device 400 is a computer having amicroprocessor, and following functions are implemented by executing aprogram using the microprocessor. However, some or all of the functionsmay be implemented by hardware circuits such as ASIC or FPGA. The serverdevice 400 does not need to be implemented by one computer, and may beimplemented by cooperation of a plurality of computers.

As illustrated in FIG. 4 , the server device 400 includes a requestreception unit 401, an information generation unit 402, an informationtransmission unit 403, and a management unit 404. The request receptionunit 401 is means for receiving a distribution request of authenticationinformation transmitted from the first user terminal 200 a. The requestreception unit 401 receives the distribution request transmitted fromthe first user terminal 200 a via a network.

The information generation unit 402 is means for generating theauthentication information according to the distribution request fromthe first user terminal 200 a received by the request reception unit401. The information generation unit 402 generates the authenticationinformation associated with the vehicle 10 to be used. The informationtransmission unit 403 is means for transmitting the authenticationinformation generated by the information generation unit 402 to thefirst user terminal 200 a. The information transmission unit 403transmits the authentication information to the first user terminal 200a via the network. The management unit 404 is means for managing adistribution status of the authentication information in the serverdevice 400. For example, the management unit 404 associates and storesthe authentication information to be distributed and a portable terminalthat is a distribution destination.

Then, in a case where the first user lends the vehicle 10 to the seconduser as the content use space, the first user transmits the distributionrequest of the authentication information for lending from the firstuser terminal 200 a to the server device 400 by manipulating the firstuser terminal 200 a (S201 in FIG. 5 ). At this time, the first userpermits the second user to access the vehicle cabin of the vehicle 10(that is, locking and unlocking of the door of the vehicle 10) and tomanipulate the content providing device 14, but does not permittraveling of the vehicle 10 by the second user (that is, the seconduser's driving of the vehicle 10). Therefore, the first user requests toadd restricted function information (RF (in the drawings describing theembodiment, simply referred to as “RF” in some cases)) I3 to theauthentication information for lending in a stage of requestingdistribution of the authentication information for lending to the serverdevice 400. Here, the restricted function information (RF) I3 isinformation by which the execution of the engine start permissioncontrol by the vehicle control device 11 of the vehicle 10 isrestricted.

In the server device 400, in a case where the request reception unit 401receives the distribution request and the restricted function request ofthe authentication information for lending (S201 in FIG. 5 ), theinformation generation unit 402 adds deliverable and receivableinformation (DR (in the drawings describing the embodiment, simplyreferred to as “DR” in some cases)) I2 together with the restrictedfunction information (RF) I3 to the authentication information I1associated with the vehicle 10 (S202 in FIG. 5 ). Here, the deliverableand receivable information (DR) I2 is information that enables theauthentication information I1 to be delivered and received between thefirst user terminal 200 a and the second user terminal 200 b withoutgoing through the server device 400. That is, by the deliverable andreceivable information (DR) I2 being added to the authenticationinformation I1, the authentication information I1 can be transmittedfrom the first user terminal 200 a to the second user terminal 200 b. Inother words, unless the deliverable and receivable information (DR) I2is added to the authentication information I1 received from the serverdevice 400, the first user terminal 200 a cannot transmit theauthentication information I1 to the second user terminal 200 b. Then,the information transmission unit 403 transmits the authenticationinformation I1 in a state in which the deliverable and receivableinformation (DR) I2 and the restricted function information (RF) I3 areadded, to the first user terminal 200 a (S203 in FIG. 5 ). The serverdevice 400 may be constituted by a plurality of server devices. In thiscase, a server device that adds the deliverable and receivableinformation (DR) I2 to the authentication information I1 and a serverdevice that adds the restricted function information (RF) I3 to theauthentication information I1 may be different from each other. However,also in this case, the authentication information I1 in a state in whichthe deliverable and receivable information (DR) I2 and the restrictedfunction information (RF) I3 are added is transmitted to the first userterminal 200 a.

In a case where the first user terminal 200 a receives theauthentication information I1 to which the deliverable and receivableinformation (DR) I2 and the restricted function information (RF) I3 areadded, the first user terminal 200 a transmits the authenticationinformation I1 in a state in which the restricted function information(RF) I3 is added, to the second user terminal 200 b via aninter-terminal communicator 205 a according to the input manipulation ofthe first user (S204 of FIG. 5 ). The second user terminal 200 b storesthe authentication information I1 in a state in which the restrictedfunction information (RF) I3 is added, which is received from the firstuser terminal 200 a via an inter-terminal communicator 205 b, in thestorage unit of the controller 203. The deliverable and receivableinformation (DR) I2 is not added to the authentication information I1transmitted from the first user terminal 200 a to the second userterminal 200 b. Accordingly, the authentication information I1 cannot betransmitted from the second user terminal 200 b to another portableterminal. Therefore, it is possible to prevent the vehicle 10 from beinglent again.

Operation of Key System

In the embodiment, the operation of the key system in a case where thesecond user unlocks the door of the vehicle 10 using the second userterminal 200 b having the authentication information I1 in a state inwhich the restricted function information (RF) I3 is added, will bedescribed. FIG. 6 is a diagram illustrating processing and data flow ina case where the door of the vehicle 10 is unlocked using the seconduser terminal 200 b.

In a case where the second user performs a manipulation of unlocking thedoor of the vehicle 10 in the second user terminal 200 b, the seconduser terminal 200 b transmits the authentication information in a statein which the restricted function information (RF) I3 is added togetherwith the unlocking request, to the key unit 100 of the vehicle controldevice 11 (S301). Then, the key unit 100 performs the authenticationprocessing based on the authentication information received from thesecond user terminal 200 b (S302). The authentication processing itselfin S302 is similar to the authentication processing in S102 of FIG. 3 .However, in a case where the restricted function information (RF) I3 isadded to the authentication information, even in a case where theauthentication information is successfully authenticated in theauthentication processing in S302, the engine start permission signal isnot transmitted from the key unit 100. That is, only the unlockingsignal and the content use permission signal together with the key IDare transmitted to the control device 300 from the key unit 100 (S303).Then, the control device 300 that has received the unlocking signaltogether with the key ID performs the authentication processing based onthe key ID (S304). In a case where the key ID is successfullyauthenticated, the control device 300 performs the unlocking control forunlocking the door of the vehicle 10 and the content use permissioncontrol for making the content ECU 306 enter into the content usablestate (S305). At this time, since the control device 300 has notreceived the engine start permission signal from the key unit 100, thecontrol device 300 does not perform the engine start permission controlfor making the engine ECU 305 enter into the engine startable state.

As described above, in a case where the restricted function information(RF) I3 is added to the authentication information to be transmittedfrom the second user terminal 200 b to the key unit 100 of the vehiclecontrol device 11, the engine ECU 305 does not enter into the enginestartable state. For this reason, the second user carrying the seconduser terminal 200 b can lock and unlock the door of the vehicle 10 andmanipulate the content providing device 14, but cannot start the engine13 of the vehicle 10. Therefore, the second user cannot make the vehicle10 travel using the second user terminal 200 b. That is, in theembodiment, the engine ECU 305 becomes unable to enter into the enginestartable state, as a result, the vehicle 10 becomes unable to enterinto a state in which the vehicle can travel.

In this way, by the restricted function information (RF) I3 being addedto the authentication information delivered from the first user terminal200 a to the second user terminal 200 b, it is possible to lend thevehicle 10 to the second user as the content use space, and also toprohibit traveling (driving) of the vehicle 10 by the second user.Therefore, the vehicle 10 on which the content providing device 14 ismounted can be more suitably utilized as the content use space.

With the authentication information sharing system, since theauthentication information in a state in which the restricted functioninformation (RF) I3 is added can be transmitted from the first userterminal 200 a to the second user terminal 200 b without going throughthe server device 400, it is possible to more smoothly deliver andreceive the authentication information in a case where the first userlends the vehicle 10 to the second user as the content use space. Withthe authentication information sharing system, the authenticationinformation delivered to the second user terminal 200 b is alsodistributed from the server device 400. Therefore, it is possible tosuppress generation of the authentication information without limit inthe first user terminal 200 a and delivery of the generatedauthentication information to another portable terminal. As a result, itis possible to share the authentication information between the firstuser terminal 200 a and the second user terminal 200 b while security isensured. In addition, since the authentication information for lendingis also distributed from the server device 400, the authenticationinformation delivered from the first user terminal 200 a to the seconduser terminal 200 b can be recorded or managed on a server device 400side.

First Modification Example

In the above embodiment, the vehicle control device 11 has the key unit100. The authentication information is transmitted from the portableterminal 200 to the key unit 100, and then the key ID is transmittedfrom the key unit 100 to the control device 300. However, it is alsopossible to adopt a configuration in which the key unit 100 is notinterposed between the portable terminal 200 and the control device 300.In this case, the key ID associated with the vehicle 10 is distributedfrom the server device 400 to the portable terminal 200. Then, the keyID is transmitted from the portable terminal 200 to the control device300. In this case, the key ID is an example of “the key information”.Also in the case of adopting such a configuration, by the deliverableand receivable information (DR) I2 and the restricted functioninformation (RF) I3 being added to the key ID to be distributed from theserver device 400 to the first user terminal 200 a, the key ID in astate in which the restricted function information (RF) I3 is added canbe delivered and received between the first user terminal 200 a and thesecond user terminal 200 b. Accordingly, the second user can lock andunlock the door of the vehicle 10 and manipulate the content providingdevice 14, but cannot start the engine I3 of the vehicle 10.

Second Modification Example

In the above embodiment, the restricted function information (RF) I3added to the authentication information for lending is set asinformation restricting the execution of the engine start permissioncontrol by the vehicle control device 11 of the vehicle 10. Accordingly,the engine ECU 305 becomes unable to enter into the engine startablestate using the second user terminal 200 b, as a result, the vehicle 10becomes unable to enter into the state in which the vehicle can travel.However, the restricted function information (RF) I3 is not limited tosuch information as long as the information is not able to make thevehicle 10 enter into the state in which the vehicle can travel by theauthentication information for lending. Therefore, for example, therestricted function information (RF) I3 may be set as information thatenables the execution of the engine start permission control by thevehicle control device 11 but causes the output control of the engine 13based on the accelerator operation amount of the vehicle 10 to be notpossible (that is, information to block an input of an output signal ofan accelerator operation amount sensor to the engine ECU 305). Even in acase where the restricted function information (RF) I3 is set as suchinformation, it is possible to prohibit traveling (driving) of thevehicle 10 by the second user.

Third Modification Example

FIG. 7 is a diagram for describing a method of delivering and receivingauthentication information in the authentication information sharingsystem according to the modification example. In the authenticationinformation sharing system according to the above embodiment, asillustrated in FIG. 4 , the authentication information for lending thatis used for lending a vehicle to the second user is distributed from theserver device 400 to the first user terminal 200 a, and theauthentication information for lending is transmitted from the firstuser terminal 200 a to the second user terminal 200 b. However, asillustrated in FIG. 7 , it is also possible to adopt a system in whichthe authentication information for lending is directly transmitted fromthe server device 400 to the second user terminal 200 b.

Even in a case of the modification example, a distribution request and arestricted function request of authentication information for lendingare transmitted from the first user terminal 200 a to the server device400. At this time, information on the second user terminal 200 b to be atransmission destination of the authentication information for lendingis also transmitted to the server device 400. Then, the server device400 specifies the second user terminal 200 b based on the receivedinformation and transmits the authentication information I1 in a statein which the restricted function information (RF) I3 is added, to thesecond user terminal 200 b. Even with such a system, it is possible toprovide the authentication information to which the restricted functioninformation (RF) I3 is added, to the second user. However, as describedabove, in the authentication information sharing system (systemillustrated in FIG. 4 ) according to the embodiment, since it ispossible to transmit the authentication information in a state in whichthe restricted function information (RF) I3 is added, from the firstuser terminal 200 a to the second user terminal 200 b without goingthrough the server device 400, the authentication information can bemore smoothly delivered and received between the first user terminal 200a and the second user terminal 200 b.

In a case where an owner of a vehicle lends the host vehicle to anotherperson as the content use space by using the authentication informationsharing system as described above, information on the host vehicle maybe made public on the web via the Internet by a predeterminedapplication. The “information on the host vehicle” in this case isinformation on the position of the vehicle, the lendable time for thevehicle, contents of the digital contents (list of the digital contentsand the like) that can be provided by the content providing devicemounted on the vehicle, or the like. By such information being madepublic, it becomes possible for the other persons who desire to use thevehicle as the content use space to search for vehicles to be used.

According to a charging fee in a case where another person borrows thevehicle as the content use space, the digital contents that can beprovided by the content providing device may be restricted. In thiscase, content use restriction information imposing restrictions on thecontent provided by the content providing device may be added to theauthentication information to be transmitted to a portable terminalcarried by the other person according to a restriction content. In acase where the content use restriction information is added to theauthentication information received by the portable terminal, in a casewhere the content providing device is used using the portable terminal,it becomes not possible to use some content according to the content userestriction information. According to the above descriptions, it ispossible to place the restrictions according to the charging fee on thecontent that can be provided by the other person who has borrowed thevehicle manipulating the content providing device.

What is claimed is:
 1. A server comprising: circuitry configured todistribute key information to a first portable terminal, wherein: thekey information includes information indicating whether locking andunlocking of a vehicle, making the vehicle travel, and using a contentproviding device that provides digital contents in a vehicle cabin arepermitted, the key information includes restricted function informationindicating that locking and unlocking of the vehicle and use of thecontent providing device are permitted but traveling of the vehicle isnot permitted, the key information includes deliverable informationmaking the key information deliverable to another terminal, and thedeliverable information is excluded from the key information when thekey information is sent from the first portable terminal to a secondportable terminal.
 2. The server according to claim 1, wherein the keyinformation is delivered, based on the deliverable information, from thefirst portable terminal to the second portable terminal without goingthrough the server.
 3. The server according to claim 1, wherein the keyinformation is distributed to the first portable terminal in response toa request received by the server from the first portable terminal. 4.The server according to claim 3, wherein the request specifies that therestricted function information is added to the key information.
 5. Theserver according to claim 1, wherein the restricted function informationprevents an engine of the vehicle from being started.
 6. The serveraccording to claim 1, wherein a user of the first portable terminal isan owner of the vehicle, and a user of the second portable terminal is aborrower of the vehicle.
 7. A method performed in a server, the methodcomprising: distributing key information to a first portable terminal,wherein: the key information includes information indicating whetherlocking and unlocking of a vehicle, making the vehicle travel, and usinga content providing device that provides digital contents in a vehiclecabin are permitted, the key information includes restricted functioninformation indicating that locking and unlocking of the vehicle and useof the content providing device are permitted but traveling of thevehicle is not permitted, the key information includes deliverableinformation making the key information deliverable to another terminal,and the deliverable information is excluded from the key informationwhen the key information is sent from the first portable terminal to asecond portable terminal.
 8. The method according to claim 7, whereinthe key information is delivered, based on the deliverable information,from the first portable terminal to the second portable terminal withoutgoing through the server.
 9. The method according to claim 7, furthercomprising: receiving a request from the first portable terminal,wherein the key information is distributed to the first portableterminal in response to the request.
 10. The method according to claim9, wherein the request specifies that the restricted functioninformation is added to the key information.
 11. The method according toclaim 7, wherein the restricted function information prevents an engineof the vehicle from being started.
 12. The method according to claim 7,wherein a user of the first portable terminal is an owner of thevehicle, and a user of the second portable terminal is a borrower of thevehicle.
 13. A non-transitory computer readable medium havinginstructions stored therein, which when executed by a processor in aserver case the processor to execute a method comprising: distributingkey information to a first portable terminal, wherein: the keyinformation includes information indicating whether locking andunlocking of a vehicle, making the vehicle travel, and using a contentproviding device that provides digital contents in a vehicle cabin arepermitted, the key information includes restricted function informationindicating that locking and unlocking of the vehicle and use of thecontent providing device are permitted but traveling of the vehicle isnot permitted, the key information includes deliverable informationmaking the key information deliverable to another terminal, and thedeliverable information is excluded from the key information when thekey information is sent from the first portable terminal to a secondportable terminal.
 14. The non-transitory computer readable mediumaccording to claim 13, wherein the key information is delivered, basedon the deliverable information, from the first portable terminal to thesecond portable terminal without going through the server.
 15. Thenon-transitory computer readable medium according to claim 13, themethod further comprising: receiving a request from the first portableterminal, wherein the key information is distributed to the firstportable terminal in response to the request.
 16. The non-transitorycomputer readable medium according to claim 15, wherein the requestspecifies that the restricted function information is added to the keyinformation.
 17. The non-transitory computer readable medium accordingto claim 13, wherein the restricted function information prevents anengine of the vehicle from being started.
 18. The non-transitorycomputer readable medium according to claim 13, wherein a user of thefirst portable terminal is an owner of the vehicle, and a user of thesecond portable terminal is a borrower of the vehicle.